Web Authentication 
Nowadays, people are paying more attention to web security, and authentication has become an increasingly critical problem in Internet and intranet environments. SecuTech can provide a strong authentication and powerful workstation management solution to solve this problem.
 
Overview 
As demonstrated in the diagram below, in order to perform strong web authentication the system requires not only a server with a content database, but also a database that contains information relating to User ID and to keys attached to workstations. 

The basic idea is that only a workstation with the correct key can access the server's content. Conversely, a workstation without a key, or with the wrong key, cannot retrieve information from the server.

Each workstation that uses authentication must have a key attached; only a small daemon is installed. The key is driverless, so there is no need to install a driver on the workstation.
Basic system requirement: Windows 98SE, Windows 2000 and Windows XP.

 
Compared with traditional username/password authentication, this two-factor authentication method increases the security of the system, and provides a far more flexible web management environment. 
 
System Architecture
To perform strong authentication, the daemon on the workstation retrieves the User's credentials from the hardware key, and sets up communication with these credentials. In the second step, the server obtains the User's credentials and verifies these in the user ID database. The server will respond to the valid user and will block any invalid user by providing a warning. Finally the verified user can access the server and access data.

When the next communication is launched, the same steps are performed again.

The browser acts as the medium between the authentication server and a user. An ActiveX control works as the bridge between a UniKey and the browser. The ActiveX control collects the information inside the UniKey and sends it to the authentication server for the further authentication process. The ActiveX control only delivers data; it is not involved in the later authentication process.

 

The authentication process is not straightforward, because we need strong authentication. This process is called Challenge-Response authentication and is described in detail below.

The first step is to burn a UniKey. The management tool can generate a unique user credential for each UniKey key. It retrieves the UniKey info and generates the user credential. The management tool then stores the user credential in the UniKey hardware key. Finally, it adds a user record to the user database. The user record contains at least the UniKey info and the user credential.

After the user record has been added to the user database, the user's info is created. All users in the user database have permission to log on to the server.

 
Challenge - Response Authentication

The first step in the authentication process is for the client to send a logon request to the server.

Then the server sends a challenge to the client. The challenge in general is a random string.

The client receives the challenge and composes a response. The response is generated from the UniKey info, the user credential and the challenge. The algorithm is based on a hash algorithm, so it is irreversible.

Response = HASH_ALGORITHM(UniKey Info, User Credential, challenge)

Now the server receives the response and retrieves the corresponding info from the user database. The server then performs the same computation and compares its result with the one from the client. If the results are the same, the client is authorized; otherwise it is not.

Finally, the server sends the result to the client. If the client is authorized, it can log on to the server.

Please note that the challenge is different each time, so the response will not be the same either. The user credential is also unique to each key and user.
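
The exchange described above, as an added example that is not SecuTech's code. The page does not name its hash algorithm, so HMAC-SHA-256 keyed with the user credential is assumed here; `compute_response`, `AuthServer`, the 60-second challenge lifetime and the sample user record are hypothetical names and constructed values.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60  # seconds a challenge stays valid (assumed value)
# Constructed sample record: user id -> (UniKey info, user credential)
USER_DB = {"alice": (b"UNIKEY-0001", b"constructed-user-credential")}

def compute_response(unikey_info, credential, challenge):
    # HMAC keyed with the credential (assumed construction). The length
    # prefix keeps the boundary between info and challenge unambiguous.
    msg = len(unikey_info).to_bytes(4, "big") + unikey_info + challenge
    return hmac.new(credential, msg, hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self, user_db):
        self.user_db = user_db
        self.pending = {}  # user id -> (challenge, time issued)

    def issue_challenge(self, user_id, now=None):
        # Fresh random challenge per logon request, also for unknown ids.
        challenge = secrets.token_bytes(32)
        self.pending[user_id] = (challenge, time.time() if now is None else now)
        return challenge

    def verify(self, user_id, response, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(user_id, None)  # a challenge is single use
        record = self.user_db.get(user_id)
        if entry is None or record is None:
            return False
        challenge, issued = entry
        if now - issued > CHALLENGE_TTL:
            return False
        expected = compute_response(record[0], record[1], challenge)
        return hmac.compare_digest(expected, response)  # constant time

def demo():
    server = AuthServer(USER_DB)
    info, cred = USER_DB["alice"]
    first = compute_response(info, cred, server.issue_challenge("alice"))
    accepted = server.verify("alice", first)
    replayed = server.verify("alice", first)   # challenge already consumed
    server.issue_challenge("alice")
    stale = server.verify("alice", first)      # answer to an old challenge
    return accepted, replayed, stale
```

Calling `demo()` shows the first response accepted, while the replayed response and the response to an earlier challenge are both rejected.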

 
System highlights

No need for a CA. Running a CA is difficult and expensive. If you do not have a CA, you have to buy digital certificates from a third party, which might increase the cost.

Easily implemented. The system is easy to implement. Our technical engineers will work with you.
Cost-effective. By doing away with the full PKI system, we arrive at a cost-effective solution.

Customized functions. We can provide customized functions based on customers' requests.

Ease of use. We designed the system to provide a simple but secure solution for customers. Our customers can forget all the rigid technical terminology.

Acceptable security. Though the process is simple, the security is good. We use an irreversible algorithm, and each user holds a unique hardware key and digital credential.

SecuTech Solution Inc. 2005-2006. All Rights Reserved